Add support to sig-proxy for podman-remote

Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
2025-08-06 19:44:14 +08:00 · 2022-09-20 12:11:39 +03:00
parent 30231d0da7
commit 7cfe0328f1
10 changed files with 179 additions and 12 deletions
--- a/pkg/signal/signal_common.go
+++ b/pkg/signal/signal_common.go
@ -9,6 +9,10 @@ import (
 	"syscall"
 )

+// Make sure the signal buffer is sufficiently big.
+// runc is using the same value.
+const SignalBufferSize = 2048
+
 // ParseSignal translates a string to a valid syscall signal.
 // It returns an error if the signal map doesn't include the given signal.
 func ParseSignal(rawSignal string) (syscall.Signal, error) {
@ -56,3 +60,14 @@ func StopCatch(sigc chan os.Signal) {
 	signal.Stop(sigc)
 	close(sigc)
 }
+
+// ParseSysSignalToName translates syscall.Signal to its name in the operating system.
+// For example, syscall.Signal(9) will return "KILL" on Linux system.
+func ParseSysSignalToName(s syscall.Signal) (string, error) {
+	for k, v := range SignalMap {
+		if v == s {
+			return k, nil
+		}
+	}
+	return "", fmt.Errorf("unknown syscall signal: %s", s)
+}
--- a/pkg/signal/signal_common_test.go
+++ b/pkg/signal/signal_common_test.go
@ -118,3 +118,52 @@ func TestParseSignalNameOrNumber(t *testing.T) {
 		})
 	}
 }
+
+func TestParseSysSignalToName(t *testing.T) {
+	type args struct {
+		signal syscall.Signal
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    string
+		wantErr bool
+	}{
+		{
+			name: "Kill should work",
+			args: args{
+				signal: syscall.SIGKILL,
+			},
+			want:    "KILL",
+			wantErr: false,
+		},
+		{
+			name: "Non-defined signal number should not work",
+			args: args{
+				signal: 923,
+			},
+			want:    "",
+			wantErr: true,
+		},
+		{
+			name: "garbage should fail",
+			args: args{
+				signal: -1,
+			},
+			want:    "",
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := ParseSysSignalToName(tt.args.signal)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("ParseSysSignalToName() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if got != tt.want {
+				t.Errorf("ParseSysSignalToName() got = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
--- a/pkg/signal/signal_linux.go
+++ b/pkg/signal/signal_linux.go
@ -89,3 +89,11 @@ var SignalMap = map[string]syscall.Signal{
 	"RTMAX-1":  sigrtmax - 1,
 	"RTMAX":    sigrtmax,
 }
+
+// IsSignalIgnoredBySigProxy determines whether sig-proxy should ignore syscall signal
+func IsSignalIgnoredBySigProxy(s syscall.Signal) bool {
+	// Ignore SIGCHLD and SIGPIPE - these are most likely intended for the podman command itself.
+	// SIGURG was added because of golang 1.14 and its preemptive changes causing more signals to "show up".
+	// https://github.com/containers/podman/issues/5483
+	return s == syscall.SIGCHLD || s == syscall.SIGPIPE || s == syscall.SIGURG
+}
--- a/pkg/signal/signal_linux_mipsx.go
+++ b/pkg/signal/signal_linux_mipsx.go
@ -90,3 +90,11 @@ var SignalMap = map[string]syscall.Signal{
 	"RTMAX-1":  sigrtmax - 1,
 	"RTMAX":    sigrtmax,
 }
+
+// IsSignalIgnoredBySigProxy determines whether sig-proxy should ignore syscall signal
+func IsSignalIgnoredBySigProxy(s syscall.Signal) bool {
+	// Ignore SIGCHLD and SIGPIPE - these are most likely intended for the podman command itself.
+	// SIGURG was added because of golang 1.14 and its preemptive changes causing more signals to "show up".
+	// https://github.com/containers/podman/issues/5483
+	return s == syscall.SIGCHLD || s == syscall.SIGPIPE || s == syscall.SIGURG
+}
--- a/pkg/signal/signal_unix.go
+++ b/pkg/signal/signal_unix.go
@ -87,3 +87,11 @@ var SignalMap = map[string]syscall.Signal{
 	"RTMAX-1":  sigrtmax - 1,
 	"RTMAX":    sigrtmax,
 }
+
+// IsSignalIgnoredBySigProxy determines whether sig-proxy should ignore syscall signal
+func IsSignalIgnoredBySigProxy(s syscall.Signal) bool {
+	// Ignore SIGCHLD and SIGPIPE - these are most likely intended for the podman command itself.
+	// SIGURG was added because of golang 1.14 and its preemptive changes causing more signals to "show up".
+	// https://github.com/containers/podman/issues/5483
+	return s == syscall.SIGCHLD || s == syscall.SIGPIPE || s == syscall.SIGURG
+}
--- a/pkg/signal/signal_unsupported.go
+++ b/pkg/signal/signal_unsupported.go
@ -87,3 +87,9 @@ var SignalMap = map[string]syscall.Signal{
 	"RTMAX-1":  sigrtmax - 1,
 	"RTMAX":    sigrtmax,
 }
+
+// IsSignalIgnoredBySigProxy determines whether to sig-proxy should ignore syscall signal
+// keep the container running or not. In unsupported OS this should not ignore any syscall signal.
+func IsSignalIgnoredBySigProxy(s syscall.Signal) bool {
+	return false
+}